A major risk to the Social CRM enterprise resides on an organization’s employees’ PCs, laptops and mobile devices. Malicious code can take many forms: a computer virus, a “Trojan”, or active content like Java and ActiveX programs. Excellent anti-virus protection tools exist and should be implemented by all organizations, but they must be coupled with prudent end-user behavior to be effective. This post discusses the software security risks of Social CRM systems.

Beyond protecting individual devices, the immediate need is to secure the network where these devices communicate. Organizations must look at company-wide firewalls and even personal firewalls for employees. However, these firewalls are only as good as their configuration.

The same is true of individual pieces of software. Software vendors purposely try to make installing software easy. Even if users know nothing about software, they can select system defaults in software installation programs. To reduce the number of attack points, employees should turn off any software functionality that they do not plan to use. Still, it is almost impossible to prevent new security holes from appearing as software updates take place. Networks are constantly changing due to upgrades and add-ons. This requires ongoing vigilance from IT managers to ensure that software installations are secure.

The complexity of software combinations makes it practically impossible to discover and resolve all potential security exposures. Even if each individual software component is secure, exposures can also result from combining and integrating different applications. Many times, system administrators must take it on faith that the individual components will provide acceptable security.

How do organizations judge the risks embedded in their current Social CRM systems? How do they determine if the investments related to reducing risks are warranted? As usual, it is a cost/benefit analysis.

What resources need to be protected?

What is the cost of loss or compromise?

What is the cost of protection?

What is the likelihood of loss or compromise?

What is the cost to an organization?

An organization’s vulnerability is hard to compute because the effectiveness of security countermeasures defies quantification. What is the probability of a security breach versus the cost of prevention? IT managers must develop metrics that, while not foolproof, still provide guidelines for evaluating the costs and benefits of various measures.

In the real world, organizations also face budgetary constraints, so tradeoffs must be made. Each organization needs to decide which risks should receive attention and investment. These decisions must be aligned with the organization’s overall security policy. A dedicated overall security budget should be allocated, and reconciled with individual business unit budgets. Then, these decisions must be documented and must guide implementation plans for all Social CRM applications.

See my next post for recommendations for developing an appropriate Social CRM security policy.

– – – – – – – — – – – – – –

Barton Goldenberg is the founder and president of ISM Inc., customer-centric strategists/implementers serving best-in-class organizations globally. As a CRM leader for 30 years, he was among the first three inductees in the CRM Hall of Fame. Recognized as a leading “customer-focused” author, his latest book, The Definitive Guide to Social CRM, is hailed as the roadmap for Social CRM success. Barton is a popular speaker on “maximizing customer relationships to gain market insights, customers and profits”. He is a long-term columnist for CRM Magazine, a speaker for CRMevolution, and is frequently quoted in the media.